Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/MI_R9K8yo5rcSaz4z8h_N45oGdU.roa
File:                     MI_R9K8yo5rcSaz4z8h_N45oGdU.roa (raw, json)
Hash identifier:          QnWEYAVcHBHPDVZzRLiqlOfDxvCtCewlFfsnKKT+Dac=
Subject key identifier:   30:8F:D1:F4:AF:32:A3:9A:DC:49:AC:F8:CF:C8:7F:37:8E:68:19:D5
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       0185710C36A8DC85DFE820DA3AF839458CDC
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/MI_R9K8yo5rcSaz4z8h_N45oGdU.roa
Signing time:             Mon 02 Jan 2023 05:55:03 +0000
ROA not before:           Mon 02 Jan 2023 05:55:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     394844
IP address blocks:        94.154.180.0/23 maxlen: 23
                          45.67.140.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 09 Jun 2023 19:25:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:0c:36:a8:dc:85:df:e8:20:da:3a:f8:39:45:8c:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jan  2 05:55:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=308fd1f4af32a39adc49acf8cfc87f378e6819d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:43:7d:67:a8:11:44:8f:7c:67:2f:f1:a3:51:
                    c1:91:17:e1:64:7a:ce:e4:4e:8f:50:28:e2:4e:3d:
                    6f:38:42:d0:42:19:5d:03:01:d5:d1:03:92:fa:84:
                    b5:dd:58:3f:34:93:cd:59:53:ea:c1:a2:a9:13:94:
                    84:9c:fc:09:00:7a:ea:30:dd:55:90:cb:c5:31:95:
                    14:5a:30:a5:04:ec:6c:4e:9e:49:fa:53:b4:a4:9a:
                    4e:28:66:f4:cb:8e:e1:d2:ed:19:10:6a:5c:51:3b:
                    c7:b2:c3:a2:c6:9b:77:e8:63:78:ab:bb:f3:6e:ce:
                    ad:d0:31:92:5a:6f:0d:a9:13:cc:9c:a7:76:cc:49:
                    c0:dd:b8:1e:4f:98:80:aa:98:c6:57:ad:10:d7:51:
                    d4:90:1e:d7:fe:e0:dc:d8:eb:1f:20:92:bd:03:12:
                    d0:cc:3b:63:21:16:d8:53:7f:4d:e0:66:06:8b:c5:
                    b1:12:3e:64:64:a3:2c:e4:c2:6f:63:d8:90:e9:f8:
                    69:87:c8:53:98:2b:0e:89:ec:63:14:4d:34:57:5f:
                    46:7e:a3:33:0e:06:42:a3:49:d6:7d:04:f6:57:2f:
                    f8:77:28:b4:ec:e8:b3:d5:98:f4:4d:71:14:00:68:
                    2b:a0:df:f1:da:ea:a9:97:98:9b:b1:d2:85:18:39:
                    23:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:8F:D1:F4:AF:32:A3:9A:DC:49:AC:F8:CF:C8:7F:37:8E:68:19:D5
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/MI_R9K8yo5rcSaz4z8h_N45oGdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.140.0/24
                  94.154.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:a1:60:b6:fd:e5:8a:20:ae:33:3b:21:8f:13:eb:f4:74:3e:
         72:bd:c1:b4:e9:8d:a8:bd:40:ce:f4:58:b1:d6:b4:88:1d:0e:
         3d:c4:93:e7:d5:31:5e:9f:06:ec:2e:b7:bb:a7:94:ee:f0:3c:
         13:c4:00:19:34:ba:3c:9a:47:d9:a3:64:6a:c8:9b:d0:ef:62:
         8d:29:ae:da:02:6e:21:9d:87:74:45:b3:f9:12:fc:8c:8c:70:
         c8:84:b1:ac:98:57:66:3b:f5:76:0e:35:b3:b3:52:3b:92:b2:
         fa:91:df:c6:98:fd:a6:cd:fe:fd:f3:cd:24:41:5b:c7:fa:0c:
         0c:f5:36:92:ef:66:37:ea:f0:a4:ae:5f:1d:cd:39:bb:37:34:
         af:73:49:92:4f:ff:00:07:7b:3e:e0:ec:e8:b4:81:66:73:d0:
         cc:62:a6:c4:98:ce:b2:62:49:fa:b3:86:09:63:72:31:9b:c6:
         b9:d8:aa:6a:b6:c8:74:dd:1d:a3:b9:2f:80:16:22:3b:76:7f:
         79:0d:79:f6:67:85:a9:b5:46:2f:df:96:7a:d9:00:b3:37:1c:
         c0:14:2a:f1:e0:37:8d:96:e3:39:05:b1:bb:e3:13:cb:3b:65:
         92:de:5c:87:0f:97:46:63:53:87:ca:66:e4:96:3a:a6:44:fe:
         fa:53:5f:b3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVxDDao3IXf6CDaOvg5RYzcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjMwMTAyMDU1NTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDhmZDFmNGFmMzJhMzlhZGM0OWFjZjhjZmM4N2YzNzhlNjgxOWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEN9Z6gRRI98Zy/xo1HBkRfhZHrO
5E6PUCjiTj1vOELQQhldAwHV0QOS+oS13Vg/NJPNWVPqwaKpE5SEnPwJAHrqMN1V
kMvFMZUUWjClBOxsTp5J+lO0pJpOKGb0y47h0u0ZEGpcUTvHssOixpt36GN4q7vz
bs6t0DGSWm8NqRPMnKd2zEnA3bgeT5iAqpjGV60Q11HUkB7X/uDc2OsfIJK9AxLQ
zDtjIRbYU39N4GYGi8WxEj5kZKMs5MJvY9iQ6fhph8hTmCsOiexjFE00V19GfqMz
DgZCo0nWfQT2Vy/4dyi07Oiz1Zj0TXEUAGgroN/x2uqpl5ibsdKFGDkj4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDCP0fSvMqOa3Ems+M/IfzeOaBnVMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvTUlfUjlLOHlvNXJjU2F6NHo4aF9ONDVvR2RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALUOMAwQB
Xpq0MA0GCSqGSIb3DQEBCwUAA4IBAQCSoWC2/eWKIK4zOyGPE+v0dD5yvcG06Y2o
vUDO9Fix1rSIHQ49xJPn1TFenwbsLre7p5Tu8DwTxAAZNLo8mkfZo2RqyJvQ72KN
Ka7aAm4hnYd0RbP5EvyMjHDIhLGsmFdmO/V2DjWzs1I7krL6kd/GmP2mzf79880k
QVvH+gwM9TaS72Y36vCkrl8dzTm7NzSvc0mST/8AB3s+4OzotIFmc9DMYqbEmM6y
Ykn6s4YJY3Ixm8a52Kpqtsh03R2juS+AFiI7dn95DXn2Z4WptUYv35Z62QCzNxzA
FCrx4DeNluM5BbG74xPLO2WS3lyHD5dGY1OHymbkljqmRP76U1+z
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:16 2024 by rpki-client on console-ams.rpki-client.org